<?php 
require_once("./include/bm_config.php");
require_once("./include/funcs.php");
require_once("./include/my_func.inc.php");
require_once("./include/check_post_key.php");
header("Content-type: text/html; charset=utf-8"); 
$err_str="";
$err_cnt=0;
$len;
$user_id=$_SESSION['user_id'];
$user_email=trim($_POST['user_email']);
$user_school=trim($_POST['user_school']);
$user_name=trim($_POST['user_name']);
$user_phone=trim($_POST['user_phone']);
$len=strlen($user_name);
if ($len>100){
	$err_str=$err_str."姓名过长!\\n";
	$err_cnt++;
}else if ($len==0) $user_name=$user_id;
$user_password=$_POST['opassword'];
$sql="SELECT `user_id`,`user_password` FROM `cr_user` WHERE `user_id`='".$user_id."'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
if ($row && pwCheck($user_password,$row['user_password'])) $rows_cnt = 1;
else $rows_cnt = 0;
mysql_free_result($result);
if ($rows_cnt==0){
	$err_str=$err_str."原密码错误";
	$err_cnt++;
}
$len=strlen($_POST['user_password']);
if ($len<6 && $len>0){
	$err_cnt++;
	$err_str=$err_str."密码长度不得小于6!\\n";
}else if (strcmp($_POST['user_password'],$_POST['rptpassword'])!=0){
	$err_str=$err_str."两次输入密码不一致!";
	$err_cnt++;
}
if(isset($_POST['user_school']))
{
	$len=strlen($_POST['user_school']);
	if ($len>100){
		$err_str=$err_str."校名过长!\\n";
		$err_cnt++;
	}
}
$len=strlen($_POST['user_user_email']);
if ($len>100){
	$err_str=$err_str."电子邮箱过长!\\n";
	$err_cnt++;
}
$len=strlen($_POST['user_phone']);
if ($len>100){
	$err_str=$err_str."电话号码位数过长!\\n";
	$err_cnt++;
}
if ($err_cnt>0)
{
	
	echo "<script language='javascript'>\n";
	echo "alert('";
	echo $err_str;
	echo "');\n history.go(-1);\n</script>";
	exit(0);
	
}
	$user_order0=$_POST['checkuser0'] == 1 ? 'Y' : 'N';
	$user_order1=$_POST['checkuser1'] == 1 ? 'Y' : 'N';
if($user_order0 == 'N' && $user_order1 == 'N')
{
	$err_str=$err_str."至少申请一个赛项!\\n";
	$err_cnt++;
}

echo $_POST['user_password'];
if (strlen($_POST['user_password'])==0) $user_password=pwGen($_POST['opassword']);
else $user_password=pwGen($_POST['user_password']);
$user_name=mysql_real_escape_string(htmlspecialchars ($user_name));

if(isset($_POST['user_school']))
{
	$user_school=mysql_real_escape_string(htmlspecialchars ($user_school));
}
$user_email=mysql_real_escape_string(htmlspecialchars ($user_email));
$user_phone=mysql_real_escape_string(htmlspecialchars ($user_phone));
$user_order0=mysql_real_escape_string(htmlspecialchars ($user_order0));
$user_order1=mysql_real_escape_string(htmlspecialchars ($user_order1));
//echo $user_phone."<\br>".$user_name."<\br>".$user_school."<\br>".$user_email."<\br>";
$sql="UPDATE `cr_user` SET "
."`user_password`='".($user_password)."',"
."`user_name`='".($user_name)."',"
.(isset($_POST['user_school']) ? ("`user_school`='".($user_school)."',") : "")
."`user_email`='".($user_email)."',"
."`user_order0`='".($user_order0)."',"
."`user_order1`='".($user_order1)."',"
."`user_phone`='".($user_phone)."' "
."WHERE `user_id`='".mysql_real_escape_string($user_id)."'"
;
//echo $sql;
//exit(0);
mysql_query($sql);// or die("Insert Error!\n");
header("Location: ./userinfo.php?user=".$user_id);
?>
